Ransomware Attack Against U.S. Organizations Rises: Emsisoft Reports

What do the stats say?

• According to Emsisoft, in 2022, 105 state or municipal governments or agencies were affected by ransomware, compared to 77 attacks in 2021. 
• A total of 89 educational institutions, including 45 school districts and 44 colleges and universities,  were also affected last year by ransomware attacks. At least three of these institutions paid ransoms that went up to $400,000. 
• There were 25 incidents against healthcare providers that operated for 290 hospitals. The most significant of these was the attack on CommonSpirit Health which operates almost 150 hospitals.

How is the government handling it?  

• Several counter-ransomware initiatives that include executive orders, international summits, and the creation of the Joint Ransomware Task Force (JRTF) have been recommended to strengthen efforts to disrupt the ransomware ecosystem.
• Florida and North Carolina have introduced legislation that prohibits the public sector from paying the ransom. 

CISA warns against ransomware attacks

• An advisory on Cuba ransomware revealed that the attackers had hit over 100 organizations, making a profit of over $60 million from ransom payments until August 2022.
• Vice Society ransomware was held responsible for disproportionately targeting K-12 schools and higher education institutions. 
• In another advisory, the CISA shared updated IoCs and recommendations against Hive ransomware that was actively being used to target healthcare organizations.

Conclusion